计算机防火墙论文
【 摘要 】:防火墙是目前网络安全领域广泛使用的设备,其主要目的就是限制非法流量,以保护内部子网。从部署位置来看,防火墙往往位于网络出口,是内部网和外部网之间的唯一通道,因此提高防火墙的性能、避免其成为瓶颈,就成为防火墙产品能否成功的一个关键问题。
本文引用了叙述性的文字概述了防火墙的概念、功能及类型等,让我们全面了解了一个理论上的防火墙。描述了一个模拟的大型离散事件可视化网络仿真器NS-2(Network Simulator V.2)在Windows下的安装过程与出错处理。本文的重点是提出了对防火墙过滤规则进行优化的方案,对通过防火墙的数据包进行统计分析,并根据统计数据动态调整过滤规则的相对次序,使得使用最频繁的规则位于规则列表的最前面,使其和当前网络流量特性相一致,从而达到降低后继数据包规则匹配时间、提高防火墙性能之目的,并在Windows下利用仿真器NS-2对两个方案(一方案:不采用此优化算法,二方案:采用此优化算法)进行仿真实验,通过对仿真结果的比较分析得出此优化算法真的能提高防火墙的性能。
【 Abstract 】: Firewall is the present network safe field equipment used extensively, its major purpose is to restrict illegal rate of flow in order to protect internal son net. From disposition location, firewall is often located in network export , is the only passageway between internal net and external net , therefore raises the performance of firewall , avoid it to become bottleneck , become firewall product whether a successful key problem.
This paper has quoted the writing of statement, is general to have stated type, function and the concept of firewall, leting us overall have known one theoretically firewall. It is analog to have described one Large scale dispersed incident visualized network emulator NS-2(Network Simulator V.2) when WindowsNext installation process and make mistakes to handle. This paper focal point is put forward for firewall filter rule carry out optimization scheme, for through firewall data bale carry out statistics analysis, and according to statistics data development adjustment filter rule relative order, make use most frequently rule is located in rule list before most, make it with current network rate of flow property appearance consistent, so reach reduction succeed data bale rule match time , raising firewall performance purpose, and in WindowsNext use Emulator NS-2Is for two schemes ( the case of one side: Do not adopt this optimization algorithm and 2 schemes: Adopt this optimization algorithm) carry out emulation experiment, can really raise the performance of firewall through reaching this optimization algorithm for the trade off study of emulation result.
【 Keywords 】:NS-2、Firewall、Rule- matching、Statistic Analysis 3
[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] ... 下一页 >>